The first thing you should do is to keep your application up to date. It is important to upgrade your forum when a new version is released. Latest application versions contain important bug and security fixes.

Disable the search function for guests and allow it only for registered users. Instructions how to do this can be found here. This will block attacks that use your forum’s search option.

Do not add extra mods unless you really need them. Adding many mods to your forum can significantly increase the size of its database and thus cause high server load. You should use only mods that you actually need.

Protect your forum against spam bots. If your forum is attacked by spam bots, thousands of topics and posts can be added to it in a very short period of time.  This will greatly increase the size of your phpBB database, which in turn will slow down your forum.

To prevent your forum from being overrun by spam bots, you can make the following changes to your forum’s configuration:

Enable the visual confirmation for new users. You can do this from the “Visual confirmation settings” menu under the “General” tab in your forum’s admin area. In this menu set the following settings as follows:

  • Enable visual confirmation for registrations: Enabled – By enabling CAPTCHA in your forum you will require new users to enter a random code matching a displayed image. This will prevent mass registration of spam bots.
  • Enable visual confirmation for guest postings: Enabled – This will require from your guests to enter a code matching a displayed image before posting. By doing this you can allow normal visitors to post without registration but block spam bots from posting in your board.
  • GD CAPTCHA: Yes – Set this option to yes in order to use the newest CAPTCHA that phpBB3 supports.
  • GD CAPTCHA foreground noise: Yes – This will make the image even harder for bots to recognize as text.
  • GD CAPTCHA background noise x-axis: 9 GD CAPTCHA background noise y-axis: 11 – From the experience we have gathered supporting thousands of phpBB3 forums, those are the best values to have a secure CAPTCHA image. This is the perfect balance between a recognizable by humans and at the same time hard for bots image.

Optimize your phpBB database by following the instructions in our article on How to optimize a MySQL database.